When initiating GSSAPI context override tgs-enctypes
authorSam Hartman <hartmans@mit.edu>
Sun, 18 Nov 2001 23:46:32 +0000 (23:46 +0000)
committerSam Hartman <hartmans@mit.edu>
Sun, 18 Nov 2001 23:46:32 +0000 (23:46 +0000)
rather than  trying all acceptable enctypes  in a loop.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13989 dc483132-0cff-0310-8789-dd5450dbe970

src/include/ChangeLog
src/include/krb5.hin
src/lib/gssapi/krb5/ChangeLog
src/lib/gssapi/krb5/init_sec_context.c
src/lib/krb5/krb/ChangeLog
src/lib/krb5/krb/init_ctx.c

index 9c1f3e6d3b37de39f5ebdb259d4aac3930339ef2..8e839057335334a28801bdb3236364e44f066611 100644 (file)
@@ -1,3 +1,7 @@
+2001-11-18  Sam Hartman  <hartmans@mit.edu>
+
+       * krb5.hin: Add krb5_set_default_tgs_enctypes
+
 2001-11-15  Sam Hartman  <hartmans@mit.edu>
 
        * krb5.hin:  Add krb5_c_random_add_entropy and
index cd27bdbdc1f5d40c8fcf274325eba1dc1dd4662d..e94eaad91b6e3374b21cd846fb00b4ebaa3da76d 100644 (file)
@@ -1327,6 +1327,10 @@ krb5_error_code krb5_get_default_in_tkt_ktypes
 krb5_error_code krb5_set_default_tgs_ktypes
        (krb5_context,
                krb5_const krb5_enctype *);
+krb5_error_code KRB5_CALLCONV 
+krb5_set_default_tgs_enctypes
+       (krb5_context,
+               krb5_const krb5_enctype *);
 krb5_error_code KRB5_CALLCONV krb5_get_tgs_ktypes
        (krb5_context,
                krb5_const_principal,
index 5d6982149df60509b2748e83dd592bfd69c27ecb..4a6bd8e798e7335696a299789585e69b9bb1cd7b 100644 (file)
@@ -1,3 +1,9 @@
+2001-11-18  Sam Hartman  <hartmans@mit.edu>
+
+       * init_sec_context.c (get_credentials): Override
+       default_tgs_enctypes rather than looping over credentials.  Avoids
+       hits on the KDC.
+
 2001-10-30  Ezra Peisach  <epeisach@mit.edu>
 
        * k5unseal.c: Fix whitespace in copyright message.
index 6a88a4ebcf95850f56f62c9739c6518c2c19a036..72e3ccfacbcf0e8347cf167a5e6311c69161dff3 100644 (file)
@@ -113,31 +113,11 @@ static krb5_error_code get_credentials(context, cred, server, now,
 
     in_creds.keyblock.enctype = 0;
 
-    /*
-     * Initial iteration is necessary to catch a non-matching
-     * credential prior to looping through the GSSAPI-supported
-     * enctypes, since an enctype mismatch in the loop below will
-     * return KRB5_CC_NOTFOUND rather than one of the other error
-     * codes.
-     */
-    code = krb5_get_credentials(context, 0, cred->ccache,
-                               &in_creds, out_creds);
+    code = krb5_set_default_tgs_enctypes (context, enctypes);
     if (code)
-       goto cleanup;
-    krb5_free_creds(context, *out_creds);
-    *out_creds = NULL;
-    for (i = 0; enctypes[i]; i++) {
-       in_creds.keyblock.enctype = enctypes[i];
-       code = krb5_get_credentials(context, 0, cred->ccache, 
-                                   &in_creds, out_creds);
-       if (code != KRB5_CC_NOT_KTYPE && code != KRB5_CC_NOTFOUND
-           && code != KRB5KDC_ERR_ETYPE_NOSUPP)
-           break;
-    }
-    if (enctypes[i] == 0) {
-       code = KRB5_CONFIG_ETYPE_NOSUPP;
-       goto cleanup;
-    }
+      goto cleanup;
+        code = krb5_get_credentials(context, 0, cred->ccache,
+                               &in_creds, out_creds);
     if (code)
        goto cleanup;
 
index 83558a028b29e5f7d2879575c9322beabe4819b7..1b91275b3a7bdc3894351f56f493e198923d53d2 100644 (file)
@@ -1,3 +1,8 @@
+2001-11-16  Sam Hartman  <hartmans@mit.edu>
+
+       * init_ctx.c (krb5_set_default_tgs_enctypes):  rename from
+       set_default_ktypes; old function provided as APIA 
+
 2001-11-16  Ezra Peisach  <epeisach@mit.edu>
 
        * init_ctx.c (DEFAULT_ETYPE_LIST): Ensure space present after
index 45af231f2cac3808c0a18f0d5efce9deb7d4c7df..6d87c73aecdd86e84cef75012e7a538ef86d00b4 100644 (file)
@@ -388,8 +388,8 @@ krb5_get_default_in_tkt_ktypes(context, ktypes)
                                  context->in_tkt_ktypes));
 }
 
-krb5_error_code
-krb5_set_default_tgs_ktypes(context, ktypes)
+krb5_error_code KRB5_CALLCONV
+krb5_set_default_tgs_enctypes (context, ktypes)
        krb5_context context;
        const krb5_enctype *ktypes;
 {
@@ -420,6 +420,13 @@ krb5_set_default_tgs_ktypes(context, ktypes)
     return 0;
 }
 
+krb5_error_code krb5_set_default_tgs_ktypes
+(krb5_context context, const krb5_enctype *etypes)
+{
+  return (krb5_set_default_tgs_enctypes (context, etypes));
+}
+
+
 void
 KRB5_CALLCONV
 krb5_free_ktypes (context, val)